
Will VPN Providers and the Indian Government Clash Over New Rules on User Data Collection?


The Ministry of Electronics and Information Technology, which administers CERT-In, has mandated that all VPN providers and cryptocurrency exchanges save user records for five years. Some of the most well-known VPN providers, such as NordVPN and ExpressVPN, claim to collect only the most basic information about their customers and to provide ways for them to stay relatively anonymous by accepting Bitcoin payments.

VPNs reroute users' internet connections through a separate network; this can be done for a variety of reasons, such as connecting to a workplace network that is not available from the general internet or accessing prohibited websites by using servers in other nations. 

Another characteristic of VPNs that several VPN companies, such as Nord, promote as a selling point is privacy. They frequently claim to keep no logs; Nord's no-logs policy has been examined by PricewaterhouseCoopers regularly. However, the IT Ministry's ruling would force the company to deviate from that policy for servers in India.

What sort of data does the government expect firms to preserve?
  • Verified names of subscribers/customers who have hired the services.
  • Hire period, including dates.
  • IP addresses assigned to/used by members.
  • The email address, IP address, and time stamp used at the moment of registration/onboarding.
  • The purpose for which users are hiring the services.
  • Validated contact information and addresses.
  • Ownership patterns of the subscribers/customers hiring the services.

Official orders from CERT-In, the government agency in charge of investigating and archiving national cybersecurity incidents, have generated controversy. It was announced in a press release that all "Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network Service (VPN Service) providers" would be bound to maintain a variety of user data for at least five years after the service was canceled or discontinued.

VPN industry's comment on user data?

ExpressVPN stated that its apps and VPN servers have been meticulously designed to completely erase sensitive data. As a result, ExpressVPN will never be forced to give non-existent client data.

"Our team is currently analyzing the latest Indian government decree to determine the best course of action. Because the law will not take effect for at least two months, we are continuing to work as usual. We are committed to protecting our clients' privacy, thus if no other options exist, we may withdraw our servers from India," Patricija Cerniauskaite, a spokesman for NordVPN, stated.

If NordVPN leaves India, would you still be able to use it?

Users will most likely be able to connect to NordVPN's servers in other countries even if the company decides to leave India. According to reports, NordVPN has 28 servers in India, which users in India and other countries can connect to. Surprisingly, NordVPN's Indian servers provide access to websites that are normally restricted in India.

India joins an unfortunate list of other large countries where Nord and other VPN providers have either pulled servers or never had a presence: Russia, where Nord and other VPN providers pulled servers just after the country ordered VPN firms to provide backdoor access to the government on demand in 2019; and China, where VPN providers are subject to stringent controls.

The Internet Freedom Foundation, a New Delhi-based digital rights advocacy group, claimed in a comprehensive statement released Thursday afternoon that the requirements were "extreme" and would impair VPN users' "individual liberty and privacy."

Millions of Login Credentials Stolen By an 'Unnamed Malware'

 

Cybersecurity researchers from Nord Security have unearthed a new set of Trojan-type malware that has infected over three million Windows computers and has stolen nearly 26 million login credentials for about a million websites.

Nord Security researchers have grouped the websites into a dozen categories. These include email services, financial platforms, e-commerce platforms, file storage and sharing services, and social media platforms. In total, the report revealed that the unnamed malware succeeded in stealing about 1.2 terabytes of personal data, including over a million unique email addresses, over two billion cookies, and more than six million other files.

There are millions of other details the threat actors were able to steal, according to the researchers. The researchers also discovered 6 million files from the victims’ download folders and desktops that were stolen by this unnamed malware. It also took screenshots of the infected systems and tried to take a picture of the victim using the device’s webcam.

“For every malware that gets worldwide recognition and coverage, there are thousands of custom viruses made specifically for the buyer's needs. These are nameless pieces of malicious code that are compiled and sold on forums and private chats for as little as $100,” Nord Security explained.

During their analysis, Nord Security researchers observed that for each piece of malware that gets worldwide attention, there are thousands of custom viruses designed specifically for the needs of the buyer. This is not helped by the fact that nameless malicious code is easily sold on private chats and forums at very low prices.

“Antimalware software like antiviruses doesn’t fully protect our devices. Public Wi-Fi poses as much danger to our logins as malware does. In many cases, public Wi-Fi can have poorly configured firewalls that let hackers monitor your Wi-Fi connection,” Daniel Markuson, a digital security expert at NordVPN, Nord Security’s VPN service, stated.

Hackers are now employing different attack techniques to launch a series of attacks on organizations and users. Last week, the REvil ransomware group targeted the Kaseya VSA cloud-based solution and demanded $70 million as the price to unlock the systems encrypted during the supply-chain attack. The gang demanded the ransom in Bitcoin before releasing the tool that enables all affected businesses to recover their files.